vmware-archive / photon-controller

photon-setup installer issue - Platform config options not exposed via the YAML file #133

Open AdrianBegg opened 7 years ago

AdrianBegg commented 7 years ago

Hi,

There are several options that are not documented or do not appear to be exposed for the YAML configuration file in the photon-setup program, which are available in the OVAs for Lightwave/Photon Controller and which would be good to have exposed.

1) The External URI of the Photon Controllers is set as the IP address of the Load Balancer and does not appear to be able to be set via the YAML file. Impact: This creates problems with 302 authentication redirects and the Lightwave configuration, as all the registrations are done against the IP and not the DNS hostname or another configurable value; the Open ID Connection Client configuration has to be manually changed to include the DNS names. Further, the 302 redirect generated by Photon Controller sets the redirect_uri and the domain to the IP address, so the generated cookie has the wrong Domain set and is not passed by the client if connecting to the Load Balancer via a DNS name and not the https://IP of LB:4343.

2) The External Lightwave Address is not exposed by the installer; it is set to the IP address of the first Lightwave server. Could this be exposed so it can be set? All of the redirects are to the IP address of the first Lightwave server, which need to be rewritten by a Load Balancer if you do not want to have the Lightwave servers directly accessible to clients.

3) The Peering Secret defaults to "secret" and it does not appear that it can be changed via the YAML file; is it possible that this could be exposed in future releases so it can be set to something more secure/non-default?

Cheers
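
The redirect and cookie-domain mismatch reported in item 1 can be checked from a captured 302 response. The following is an added example, not part of the original issue or the Photon Controller code base; the function names, hostnames, addresses and URL paths are constructed for illustration.

```python
import ipaddress
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, parse_qs


def is_ip_literal(host):
    """True when host is an IPv4/IPv6 literal rather than a DNS name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def domain_matches(host, domain):
    """RFC 6265 domain-match: exact, or a DNS suffix when host is not an IP."""
    return host == domain or (
        not is_ip_literal(host) and host.endswith("." + domain))


def audit_redirect(client_host, location, set_cookie_headers):
    """Return findings for one 302 response seen while browsing client_host."""
    client_host = client_host.lower()
    findings = []
    loc = urlsplit(location)
    if loc.hostname and is_ip_literal(loc.hostname):
        findings.append(f"Location targets IP literal {loc.hostname}")
    # parse_qs percent-decodes the embedded redirect_uri for us.
    for uri in parse_qs(loc.query).get("redirect_uri", []):
        host = (urlsplit(uri).hostname or "").lower()
        if host and host != client_host:
            findings.append(f"redirect_uri host {host} != {client_host}")
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            domain = morsel["domain"].lstrip(".").lower()
            # A host-only cookie (no Domain attribute) is not flagged.
            if domain and not domain_matches(client_host, domain):
                findings.append(f"cookie {name} Domain={domain} will not be "
                                f"sent to {client_host}")
    return findings


# Constructed sample: client reached the load balancer by DNS name, but the
# 302 and the cookie were generated with IP addresses.
SAMPLE_LOCATION = ("https://192.0.2.20/authorize?response_type=code"
                   "&redirect_uri=https%3A%2F%2F192.0.2.10%3A4343%2Flogin")
SAMPLE_COOKIES = ["session=abc123; Domain=192.0.2.10; Path=/; Secure; HttpOnly"]
```

An empty result from `audit_redirect` means the redirect target, `redirect_uri` and cookie Domain all agree with the name the client used.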